bro just add another octet to the end of ipv4. That goes from 4 billion to a trillion and will most definitely outlast modern electronics and capitalism

[–] Part4@infosec.pub 9 points 6 days ago* (last edited 6 days ago) (1 children)

I think they must have thought: 'Well we thought four and a quarter billion was going to be enough. We don't want to repeat the mistake, so let's create an unimaginably large address space.'

Which, with the benefit of hindsight, now looks daft itself.

[–] TWeaK@lemmy.today 5 points 6 days ago

It looks daft now with a little hindsight, but we're kind of still in the foresight stage for the overall life of IPv6.

[–] ChronicEntertainment@lemmy.zip 1 points 6 days ago

Imagine using ipv6

[–] frezik@lemmy.blahaj.zone 220 points 1 week ago (23 children)

I know it's a joke, but the idea that NAT has any business existing makes me angry. It's a hack that causes real headaches for network admins and protocol design. The effects are mostly hidden from end users because those two groups have twisted things in knots to make sure end users don't notice too much. The Internet is more centralized and controlled because of it.

No, it is not a security feature. That's a laughable claim that shows you shouldn't be allowed near a firewall.

Fortunately, Google reports that IPv6 adoption is close to cracking 50%.

[–] truthfultemporarily@feddit.org 102 points 1 week ago (3 children)

I think NAT is one reason why the internet is so centralized. If everyone had a static IP you could do all sorts of decentralized cool stuff.

[–] frezik@lemmy.blahaj.zone 74 points 1 week ago

Right, not the only reason, but it's a sticking point.

You shouldn't need to connect to your smart thermostat by using the company's servers as an intermediary. That makes the whole thing slower, less reliable, and a point for the company to sell your personal data (that last one being the ultimate reason why it's done this way).

[–] Creat@discuss.tchncs.de 40 points 1 week ago (2 children)

Everyone having a static IP is a privacy nightmare.

There's a reason the recommendation in the standard for ipv6 had to be amended (it whatever the mechanic was) so that generated local suffixes aren't static. Before that, we were essentially globally identifiable because just the second half of your v6 address was static.

[–] pupbiru@aussie.zone 3 points 6 days ago (1 children)

publicly addressable does not mean publicly routable… your router would still not arbitrarily connect untrusted external devices to internal hosts

NAT has the property of a firewall only as an implementation detail. replacing NAT with an IPv6 firewall in the router is an upgrade in every conceivable way

[–] Creat@discuss.tchncs.de 2 points 6 days ago* (last edited 6 days ago) (1 children)

I'm aware of that, and didn't say otherwise?

My comment wasn't even ipv6 specific, quite the opposite. The comment I was replying to also wasn't, and the implication that things would be better if everyone had a fixed IP(v4) was actually the specific privacy nightmare scenario I wanted to emphasize. That is the literal worst case of all.

Things can be mitigated somewhat with IPv6, but also only to a degree. Here you'd (usually) have a static prefix and not IP. You then need to use the randomized suffix generation (on a host level, or in DHCPv6 if you're using that), and not all OS so this by default, but I think Windows does these days. Advertising data collectors, which means basically every web site, could just assume that your prefix is stable and the information they gain if they happen to be correct it's... uncomfortable.

[–] pupbiru@aussie.zone 3 points 6 days ago

ah! sorry i misread/misunderstood privacy to mean security in your comment :)

load more comments (1 replies)

load more comments (22 replies)

[–] domi@lemmy.secnd.me 59 points 1 week ago (11 children)

My favorite thing to use IPv6 for is to use the privacy extension to get around IP blocks on YouTube when using alternative front ends. Blocked by Google on my laptop? No problem, let me just get another one of my 4,722,366,482,869,645,213,696 IP addresses.

I have a separate subnet which is IPv6 only and rotates through IP addresses every hour or so just for Indivious, Freetube and PipePipe.

load more comments (11 replies)

[–] Blaster_M@lemmy.world 57 points 1 week ago* (last edited 1 week ago) (1 children)

Skill issue

IPv6 is easy to do.

2000::/3 is the internet range

fc00::/7 is the private network range (for non routing v6)

fe80::/64 is link local (like apipa but it never changes)

::1/128 is loopback

/64 is the smallest network allocation, and you still have 64 bits left for devices.

You don't need NAT when you can just do firewalling - default drop new connections on inbound wan and allow established, related on outbound wan like any IPv4 firewall does.

Use DHCPv6 and Prefix Delegation (DHCPv6-PD) to get your subnets and addresses (ask for a /60 on the wan to get 16 subnets).

Hook up to your printer using ipv6 link local address - that address never changes on its own, and now you don't have to play the static ip game to connect to it after changing your router or net config.

The real holdup is ISPs getting ultra cheap routers that use stupid network allocation systems (AT&T) that are incompat with the elegant simplicity of prefix delegation and dhcp.

load more comments (1 replies)

[–] Tiger_Man_@lemmy.blahaj.zone 57 points 1 week ago (23 children)

I hope nat burns in hell when ipv6 will become standard

load more comments (23 replies)

[–] NuXCOM_90Percent@lemmy.zip 53 points 1 week ago (16 children)

In my personal life I will probably "never" intentionally use ipv6.

But it is a DAMNED good sniff test to figure out if an IT/NT team is too dumb to live BEFORE they break your entire infrastructure. If they insist that the single most important thing is to turn it off on every machine? They better have a real good reason other than "it's hard"

load more comments (16 replies)

[–] nonentity@sh.itjust.works 49 points 1 week ago (8 children)

The reason IPv6 was originally added to the DOCSIS specs, over 20 years ago, is because Comcast literally exhausted all RFC1918 addresses on their modem management networks.

My favourite feature of IPv6 is networks, and hosts therein, can have multiple prefixes and addresses as a core function. I use it to expose local functions on only ULA addresses, but provide locked down public access when and where needed. Access separation is handled at the IP stack, with IPv4 it’s expected to be handled by a firewall or equivalent.

load more comments (8 replies)

[–] Kolanaki@pawb.social 46 points 1 week ago (5 children)

Surely we can do better. Why not IPv10? That's 4 higher than 6!

load more comments (5 replies)

[–] thejml@sh.itjust.works 44 points 1 week ago (6 children)

I use IPv6 every day and everywhere I can. It solves so many issues in large corporate and ISP network setups. And yes 10. Wasn’t big enough, and NATing is a PitA.

Honestly we just keep pushing it off when it’s not that bad. Workaround after workaround just because people are lazy.

load more comments (6 replies)

[–] socsa@piefed.social 36 points 1 week ago (3 children)

Meh, the idea of having every address be globally routable makes a lot of sense. NAT is a great bandaid but it's still a bandaid. It still limits how peer to peer and multicast applications function, especially on larger networks.

load more comments (3 replies)

load more comments